Use this checklist to help protect client and business data

Written on Jan 02, 2020

By Abigail Draper, OSCPA communication & engagement manager

The Security Summit partners of the IRS are fighting back with a “Taxes-Security-Together” checklist to help tax professionals make their clients’ and firms’ data more secure.

Dennis Bell, senior tax specialist at the IRS, presented the checklist at OSCPA’s MEGA Tax Conference on Dec. 9. The list includes the “Security Six” – items the IRS suggests tax professionals have in place as safeguards. These are:

  1. Anti-virus software: This protects against spyware and phishing in email attachments, web downloads and portable media (thumb drives, for example).
  2. Firewalls: These protect against malicious traffic (outside network attacks). They can consist of external hardware or built-in or purchased software.
  3. Two-factor authentication: You might have seen an option to start using two-factor authentication on some websites. This provides an extra level of security for your accounts and is often something like sending a security code to your cell phone that you need to enter to log in. These extra steps make it more difficult to hack into an account.
  4. Back-up software/services: These can be useful if your information becomes compromised or lost. For example, Bell said one company was hit by ransomware (hackers steal your data and hold it for ransom). They did the math and found it was cheaper for them to delete the ransomed information and download it again using the back-up they had.
  5. Drive encryption: Bell said this can be “a little cumbersome, but the work is mostly upfront and it’s worth doing.” This is a process that transforms data on a computer into files that are unreadable to anyone except authorized personnel.
  6. A virtual private network (VPN): This is basically a “secure tunnel” into your network. If you have a lot of people working remotely, a VPN is the best way to keep your information safe while allowing those employees access to your network.

Bell said many people aren’t aware of it, but IRS Publication 4557 states that tax professionals are required by law to have the same data security as financial institutions.

Some other steps Bell suggested are to educate yourself on phishing scams and regularly check your EFIN, PTIN and POA files. If the number of returns on any of these reports doesn’t match your records, someone may be filing under your name or business without your permission.

“Reviewing your POAs should be on your list for January, especially if someone has retired,” Bell said.

The IRS urges all tax professionals to implement the six items on the “Taxes-Security-Together” checklist and continue to learn about current scams.

“It’s important not just to have the security plan itself, but make sure you do all the backend work,” Bell said. “An action plan can save valuable time and protect your clients and yourself.”
